On December 10, 2021 CVE-2021-44228 was reported, describing an exploit in the Log4j library that allowed a malicious user to run code on an affected system. On December 14, 2021 CVE-2021-45046 was reported, describing a second exploit in Log4j.
Solution
The version of Log4j used in Universal Type Server (UTS) 7 is NOT affected by the reported vulnerability of CVE-2021-44228 or CVE-2021-45046.
Our development teams have reviewed all other vulnerabilities for UTS and have determined these all to be low risk to the product. This means an attacker does not have control over what can be modified.
If you are on version 6.x or earlier of Universal Type Server, please submit a support request to get assistance on how you may be able to update to UTS version 7.0.6. Updates may require you to have a current maintenance/service contract or a subscription with Extensis.